Scaling out: adding a node
This example adds the worker node m7-power-128050 (172.27.128.50). Define environment variables for the hostname and IP:
export NODE_IP=172.27.128.50
export NODE_NAME=m7-power-128050
System initialization
Initialize the machine by following the steps in the document 01.系统初始化和全局变量.md.
Copy the CA certificate and private key
cd /opt/k8s/work
scp ca*.pem ca-config.json root@${NODE_IP}:/etc/kubernetes/cert
Deploy kubectl
Copy the binary:
cd /opt/k8s
scp kubernetes/client/bin/kubectl root@${NODE_IP}:/opt/k8s/bin/
ssh root@${NODE_IP} "chmod +x /opt/k8s/bin/*"
Copy the configuration file:
cd /opt/k8s/work
ssh root@${NODE_IP} "mkdir -p ~/.kube"
scp kubectl.kubeconfig root@${NODE_IP}:~/.kube/config
Deploy the flannel component
Copy the binaries:
cd /opt/k8s
scp flannel/{flanneld,mk-docker-opts.sh} root@${NODE_IP}:/opt/k8s/bin/
ssh root@${NODE_IP} "chmod +x /opt/k8s/bin/*"
Copy the certificates and private key:
cd /opt/k8s/work
ssh root@${NODE_IP} "mkdir -p /etc/flanneld/cert"
scp flanneld*.pem root@${NODE_IP}:/etc/flanneld/cert
scp ca.pem root@${NODE_IP}:/etc/flanneld/cert
Copy the systemd unit file:
cd /opt/k8s/work
# Set the -iface parameter in flanneld.service to the actual network interface name
scp flanneld.service root@${NODE_IP}:/etc/systemd/system/
Start the flanneld service:
ssh root@${NODE_IP} "systemctl daemon-reload && systemctl enable flanneld && systemctl restart flanneld"
Check the startup result:
ssh root@${NODE_IP} "systemctl status flanneld|grep Active"
Make sure the status is active (running); otherwise check the logs to determine the cause:
journalctl -u flanneld
Check the interface IP:
ssh root@${NODE_IP} "ip addr show flannel.1"
Deploy the docker component
Copy the files:
cd /opt/k8s/
scp docker/docker* root@${NODE_IP}:/opt/k8s/bin/
ssh root@${NODE_IP} "chmod +x /opt/k8s/bin/*"
scp docker.service root@${NODE_IP}:/etc/systemd/system/
Copy the configuration file:
cd /opt/k8s/work/
ssh root@${NODE_IP} "mkdir -p /mnt/disk1/docker/{data,exec}"
ssh root@${NODE_IP} "mkdir -p /etc/docker/"
scp docker-daemon.json root@${NODE_IP}:/etc/docker/daemon.json
Start the docker service:
ssh root@${NODE_IP} "systemctl stop firewalld && systemctl disable firewalld"
ssh root@${NODE_IP} "iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat"
ssh root@${NODE_IP} "iptables -P FORWARD ACCEPT"
ssh root@${NODE_IP} "systemctl daemon-reload && systemctl enable docker && systemctl restart docker"
ssh root@${NODE_IP} 'for intf in /sys/devices/virtual/net/docker0/brif/*; do echo 1 > $intf/hairpin_mode; done'
Check the service status:
ssh root@${NODE_IP} "systemctl status docker|grep Active"
Deploy the kubelet component
Copy the K8S binaries:
cd /opt/k8s/
scp kubernetes/server/bin/* root@${NODE_IP}:/opt/k8s/bin/
ssh root@${NODE_IP} "chmod +x /opt/k8s/bin/*"
Copy the kubelet bootstrap file:
cd /opt/k8s/work
scp kubelet-bootstrap.kubeconfig root@${NODE_IP}:/etc/kubernetes/kubelet-bootstrap.kubeconfig
Create the systemd unit file from the template:
cd /opt/k8s/work
sed -e "s/##NODE_NAME##/${NODE_NAME}/" -e "s/##NODE_IP##/${NODE_IP}/" kubelet.service.template > kubelet-${NODE_NAME}.service
scp kubelet-${NODE_NAME}.service root@${NODE_IP}:/etc/systemd/system/kubelet.service
Start the service:
ssh root@${NODE_IP} "mkdir -p /mnt/disk2/k8s/kubelet/log"
ssh root@${NODE_IP} "swapoff -a"
ssh root@${NODE_IP} "systemctl daemon-reload && systemctl enable kubelet && systemctl restart kubelet"
Check the startup status:
kubectl get nodes ${NODE_NAME}
Output:
m7-power-128050 Ready <none> 5m v1.8.15
Deploy the kube-proxy component
Create the node's kube-proxy configuration file from the template file:
cd /opt/k8s/work
sed -e "s/##NODE_NAME##/${NODE_NAME}/" -e "s/##NODE_IP##/${NODE_IP}/" kube-proxy.config.yaml.template > kube-proxy-${NODE_NAME}.config.yaml
scp kube-proxy-${NODE_NAME}.config.yaml root@${NODE_IP}:/etc/kubernetes/kube-proxy.config.yaml
Copy the kubeconfig file:
cd /opt/k8s/work
scp kube-proxy.kubeconfig root@${NODE_IP}:/etc/kubernetes/
Copy the systemd unit file:
cd /opt/k8s/work
scp kube-proxy.service root@${NODE_IP}:/etc/systemd/system/kube-proxy.service
Start the service:
ssh root@${NODE_IP} "mkdir -p /mnt/disk2/k8s/kube-proxy"
ssh root@${NODE_IP} "systemctl daemon-reload && systemctl enable kube-proxy && systemctl restart kube-proxy"
Check the startup result:
ssh root@${NODE_IP} "systemctl status kube-proxy|grep Active"
The result must contain Active: active (running); otherwise check the logs to find the cause.
Check that the iptables rules have been added:
ssh root@${NODE_IP} "/usr/sbin/iptables -nL -t nat|grep kubernetes:https"
The output is similar to:
KUBE-MARK-MASQ all -- 172.27.128.107 0.0.0.0/0 /* default/kubernetes:https */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.107:6443
KUBE-MARK-MASQ all -- 172.27.128.123 0.0.0.0/0 /* default/kubernetes:https */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.123:6443
KUBE-MARK-MASQ all -- 172.27.128.71 0.0.0.0/0 /* default/kubernetes:https */
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.71:6443
KUBE-MARK-MASQ tcp -- !172.30.0.0/16 10.254.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- 0.0.0.0/0 10.254.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
KUBE-SEP-5NBUVTPI25CJ3LUF all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ statistic mode random probability 0.33332999982
KUBE-SEP-WJUQKTGTDY252PCA all -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ statistic mode random probability 0.50000000000
KUBE-SEP-WR6LBNIK2S2UCATZ all -- 0.0.0
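To compare the DNAT targets in this output with the apiserver endpoints you expect, the following added example (not part of the original document) parses the iptables -nL -t nat output and reports endpoints that are missing or unexpected. The function names are hypothetical, and the sample lines are the DNAT rules shown above.

```shell
#!/bin/sh
# Added example, not from the original document.

# Read `iptables -nL -t nat` output on stdin and print the unique DNAT targets
# (ip:port) of rules tagged default/kubernetes:https, one per line, sorted.
apiserver_dnat_targets() {
  awk '$1 == "DNAT" && index($0, "/* default/kubernetes:https */") {
         for (i = 1; i <= NF; i++) if ($i ~ /^to:/) print substr($i, 4)
       }' | sort -u
}

# Compare the programmed targets (stdin) with the expected endpoints ("$@").
# Prints "missing X" / "unexpected X"; returns 0 only when both sets match.
check_apiserver_dnat() {
  actual=$(apiserver_dnat_targets)
  expected=$(printf '%s\n' "$@" | sort -u)
  status=0
  for e in $expected; do
    printf '%s\n' "$actual" | grep -qxF -- "$e" || { echo "missing $e"; status=1; }
  done
  for a in $actual; do
    printf '%s\n' "$expected" | grep -qxF -- "$a" || { echo "unexpected $a"; status=1; }
  done
  return $status
}

# Sample input: lines taken from the output shown above.
SAMPLE='DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.107:6443
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.123:6443
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 /* default/kubernetes:https */ tcp to:172.27.128.71:6443
KUBE-MARK-MASQ tcp -- !172.30.0.0/16 10.254.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443'

# Demo on the sample; on a node, pipe in: ssh root@${NODE_IP} "iptables -nL -t nat"
printf '%s\n' "$SAMPLE" |
  check_apiserver_dnat 172.27.128.107:6443 172.27.128.123:6443 172.27.128.71:6443 &&
  echo "apiserver DNAT targets match the expected set"
```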
Install the Ceph client tools
The Ceph client tools must be installed on every K8S node that uses Ceph.
Create the yum repository configuration file:
sudo yum install -y epel-release
cat << "EOM" > /etc/yum.repos.d/ceph.repo
[ceph]
name=Ceph packages for $basearch
baseurl=http://download.ceph.com/rpm-luminous/el7/$basearch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
priority=1
[ceph-noarch]
name=Ceph noarch packages
baseurl=https://download.ceph.com/rpm-luminous/el7/noarch
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
priority=1
[ceph-source]
name=Ceph source packages
baseurl=http://download.ceph.com/rpm-luminous/el7/SRPMS
enabled=1
gpgcheck=1
type=rpm-md
gpgkey=https://download.ceph.com/keys/release.asc
priority=1
EOM
- Note: the version of the ceph repo must match the version of the Ceph cluster; the configuration above uses the luminous repo.
Install the Ceph client tools:
yum clean all && yum update
yum install -y ceph-common
Command-line tools installed:
$ rpm -ql ceph-common|grep bin
/usr/bin/ceph
/usr/bin/ceph-authtool
/usr/bin/ceph-brag
/usr/bin/ceph-conf
/usr/bin/ceph-dencoder
/usr/bin/ceph-post-file
/usr/bin/ceph-rbdnamer
/usr/bin/ceph-syn
/usr/bin/rados
/usr/bin/rbd
Mount CephFS
Create the mount directory:
sudo mkdir -p /etc/ceph /mnt/cephfs/k8s/power
Create the secret file:
sudo scp root@172.27.128.100:/etc/ceph/ceph.client.admin.keyring /etc/ceph/
# the redirect must also run as root, so write the file through sudo tee
sudo awk '/key = / {print $3}' /etc/ceph/ceph.client.admin.keyring | sudo tee /etc/ceph/ceph-admin.secret >/dev/null
Mount CephFS:
sudo mount -t ceph 172.27.128.100:6789:/k8s/power /mnt/cephfs/k8s/power -o name=admin,secretfile=/etc/ceph/ceph-admin.secret,noatime
Confirm that the mount succeeded:
$ mount|grep ceph
172.27.128.100:6789:/k8s/power/ on /mnt/cephfs/k8s/power type ceph (rw,noatime,name=admin,secret=<hidden>,acl)
Add a line to /etc/fstab to enable automatic mounting:
172.27.128.100:6789:/k8s/power/ /mnt/cephfs/k8s/power ceph name=admin,secretfile=/etc/ceph/ceph-admin.secret,noatime 0 0
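The steps above leave several credentials on the new node: the CA and flanneld private keys, the kubeconfig files, and the Ceph admin keyring and secretfile. The following added example (not part of the original document) lists any of them that group or others can access and writes the Ceph secretfile with owner-only permissions. It assumes the cfssl-style *-key.pem naming for private keys and GNU find; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original document.
# Assumptions: private keys use the cfssl naming *-key.pem; GNU find (-perm /MODE).

# Print credential files under ROOT (default: the live filesystem) whose mode
# grants any access to group or others. Public certificates are not matched.
loose_credentials() {
  root=${1-}
  find "$root/etc/kubernetes" "$root/etc/flanneld/cert" "$root/etc/ceph" \
       "$root/root/.kube" -type f \
       \( -name '*-key.pem' -o -name '*.kubeconfig' -o -name config \
          -o -name '*.keyring' -o -name '*.secret' \) \
       -perm /077 2>/dev/null | sort
}

# Extract the key from a Ceph keyring into a secretfile only its owner can read.
write_ceph_secret() {
  keyring=$1
  out=$2
  ( umask 077 && awk '/key = / {print $3}' "$keyring" > "$out" ) && chmod 600 "$out"
}

# Build a constructed tree that mirrors the paths used above (no real secrets).
demo_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/etc/kubernetes/cert" "$t/etc/flanneld/cert" "$t/etc/ceph" "$t/root/.kube"
  : > "$t/etc/kubernetes/cert/ca.pem"
  : > "$t/etc/kubernetes/cert/ca-key.pem"
  : > "$t/etc/flanneld/cert/flanneld-key.pem"
  : > "$t/root/.kube/config"
  printf '[client.admin]\n\tkey = CONSTRUCTED-NOT-A-REAL-KEY==\n' \
    > "$t/etc/ceph/ceph.client.admin.keyring"
  chmod 644 "$t/etc/kubernetes/cert/ca.pem" "$t/etc/kubernetes/cert/ca-key.pem"
  chmod 640 "$t/root/.kube/config"
  chmod 600 "$t/etc/flanneld/cert/flanneld-key.pem" "$t/etc/ceph/ceph.client.admin.keyring"
  printf '%s\n' "$t"
}

# Demo on the constructed tree; on a node, call loose_credentials with no argument.
tree=$(demo_tree)
write_ceph_secret "$tree/etc/ceph/ceph.client.admin.keyring" "$tree/etc/ceph/ceph-admin.secret"
loose_credentials "$tree"
```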
Label the node
for label in es-data=true prophet.4paradigm.com/addon=true prophet.4paradigm.com/app=true \
prophet.4paradigm.com/elasticsearch=true prophet.4paradigm.com/offline=true \
prophet.4paradigm.com/online=true prophet.4paradigm.com/system=true prophet=true; \
do kubectl label node ${NODE_NAME} $label;done